CODE SECURITY AUDIT
1/10
Python

User lookup endpoint in a Flask REST API

This route is part of an internal admin dashboard. It fetches a single user record by the ID passed in the `id` query parameter (for example `/api/user?id=42`) and returns it as JSON.

Click on lines containing security vulnerabilities to flag them. Submit when ready.

app.py
from flask import Flask, request, jsonify
import sqlite3

app = Flask(__name__)

@app.route('/api/user')
def get_user():
    # Read the raw 'id' value from the query string, e.g. /api/user?id=42
    user_id = request.args.get('id')
    # Build the lookup query and run it against the dashboard's SQLite file
    query = f"SELECT * FROM users WHERE id = {user_id}"
    conn = sqlite3.connect('db.sqlite3')
    result = conn.execute(query).fetchone()
    return jsonify(result)
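Added example, not part of the quiz page: the query-building pattern from the route above, isolated from Flask so it runs stand-alone against an in-memory SQLite database with constructed sample rows. It runs two constructed attacker values for the `id` parameter through the f-string query and through a parameterized version of the same lookup, so the difference in behaviour can be observed directly. The table columns, sample users, and the function names `lookup_vulnerable` and `lookup_hardened` are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not the page's database).
USERS = [
    (1, "alice", "alice@example.com", 1),
    (2, "bob", "bob@example.com", 0),
    (3, "carol", "carol@example.com", 0),
]


def make_db():
    """Build an in-memory users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
        "email TEXT, is_admin INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, user_id):
    """Same construction as the quiz route: the raw query-string value is
    interpolated into the SQL text, so SQLite parses it as SQL, not as data."""
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return conn.execute(query).fetchall()


def lookup_hardened(conn, user_id):
    """Validate the type first, then bind the value as a parameter so it can
    only ever be compared as an integer. Also select named columns instead of
    '*' so unexpected columns (password hashes, tokens) never reach jsonify.
    Returns None where the route would answer 400 Bad Request."""
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return None  # missing or non-numeric id: reject, do not query
    return conn.execute(
        "SELECT id, name, email FROM users WHERE id = ?", (uid,)
    ).fetchone()


def demo():
    """Run a benign id and two constructed payloads through both versions."""
    conn = make_db()
    benign = "2"
    # Constructed payloads: the first collapses the WHERE clause, the second
    # pulls the schema of every table out of sqlite_master.
    dump_all = "0 OR 1=1"
    schema = "0 UNION SELECT 1, name, sql, 0 FROM sqlite_master"
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_dump_all": lookup_vulnerable(conn, dump_all),
        "vuln_schema": lookup_vulnerable(conn, schema),
        "hard_benign": lookup_hardened(conn, benign),
        "hard_dump_all": lookup_hardened(conn, dump_all),
        "hard_missing": lookup_hardened(conn, None),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Two details in the hardened version matter beyond the `?` placeholder. Parsing with `int()` rejects a missing parameter (`request.args.get` returns `None`) before any database work happens, whereas the original route interpolates the literal `None` into the query and surfaces a database error to the caller. And `sqlite3` refuses to run more than one statement per `execute` call, so stacked-query payloads (`1; DROP TABLE users`) fail here, but that is a property of this driver, not a defence; the `OR` and `UNION` forms above work through a single statement.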